CVE-2023-44284

EUVD-2023-48640
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized read access to application data.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
dellCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
dellpowerprotect_data_protection
𝑥
< 2.7.6
dellapex_protection_storage
𝑥
< 6.2.1.110
dellapex_protection_storage
7.0 ≤
𝑥
< 7.10.1.15
dellpowerprotect_data_domain
𝑥
< 6.2.1.110
dellpowerprotect_data_domain
7.0 ≤
𝑥
< 7.12.0.0
dellpowerprotect_data_domain_management_center
𝑥
< 6.2.1.110
dellpowerprotect_data_domain_management_center
7.0 ≤
𝑥
< 7.13.0.10
dellemc_data_domain_os
𝑥
< 6.2.1.110
dellemc_data_domain_os
7.0 ≤
𝑥
< 7.12.0.0
dellemc_data_domain_os
7.7 ≤
𝑥
< 7.7.5.25
dellemc_data_domain_os
7.10 ≤
𝑥
< 7.10.1.15
dellpowerprotect_data_domain_management_center
7.7 ≤
𝑥
< 7.7.5.25
dellpowerprotect_data_domain_management_center
7.10 ≤
𝑥
< 7.10.1.15
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities